medium
5.5
CWE
667
Advisory Published
CVE Published
Updated

CVE-2024-26899: block: fix deadlock between bd_link_disk_holder and partition scan

First published: Wed Apr 17 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between bd_link_disk_holder and partition scan 'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder(), it is used to protect the creation of symlink between holding disk and slave bdev, which introduces some issues. When bd_link_disk_holder() is called, the driver is usually in the process of initialization/modification and may suspend submitting io. At this time, any io hold 'open_mutex', such as scanning partitions, can cause deadlocks. For example, in raid: T1 T2 bdev_open_by_dev lock open_mutex [1] ... efi_partition ... md_submit_bio md_ioctl mddev_syspend -> suspend all io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> wait mddev_resume T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume mddev, but T2 waits for open_mutex held by T1. Deadlock occurs. Fix it by introducing a local mutex 'blk_holder_mutex' to replace 'open_mutex'.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
redhat/kernel<6.7.11
6.7.11
redhat/kernel<6.8.2
6.8.2
redhat/kernel<6.9
6.9
Linux Kernel>=6.7<6.7.11
Linux Kernel>=6.8<6.8.2
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.119-1
6.12.11-1
6.12.12-1

Remedy

https://git.kernel.org/stable/c/03f12122b20b6e6028e9ed69030a49f9cffcbb75

Remedy

https://git.kernel.org/stable/c/1e5c5b0abaee7b62a10b9707a62083b71ad21f62

Remedy

https://git.kernel.org/stable/c/5a87c1f7993bc8ac358a3766bac5dc7126e01e98

Remedy

https://git.kernel.org/linus/1b0a2d950ee2a54aa04fb31ead32144be0bbf690

Remedy

https://git.kernel.org/linus/03f12122b20b6e6028e9ed69030a49f9cffcbb75

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-26899?

    CVE-2024-26899 has a severity rating that indicates a potential for significant disruption due to a deadlock issue in the Linux kernel.

  • How do I fix CVE-2024-26899?

    To fix CVE-2024-26899, upgrade your Linux kernel to versions 6.7.11, 6.8.2, 6.9, or the latest available for your distribution.

  • What systems are affected by CVE-2024-26899?

    CVE-2024-26899 affects various versions of the Linux kernel, including those below version 6.7.11 and specific releases in the 5.10 and 6.x series.

  • Is CVE-2024-26899 actively being exploited?

    There is currently no public information indicating active exploitation of CVE-2024-26899, but it should be addressed promptly due to its nature.

  • What are the symptoms of CVE-2024-26899?

    Symptoms of CVE-2024-26899 may include system freezes or deadlocks related to block device operations.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203